System Service Dispatch Table

From Wikipedia, the free encyclopedia
This is an old revision of this page, as edited by Zakblade2000 (talk | contribs) at 11:04, 17 June 2013. The present address (URL) is a permanent link to this revision, which may differ significantly from the current revision.

The System Service Dispatch Table (SSDT) is an internal dispatch table within Microsoft Windows.

Hooking SSDT calls is often used as a technique in both Windows rootkits and antivirus software.[1][2]

In 2010, many computer security products which relied on hooking SSDT calls were shown to be vulnerable to exploits using race conditions to attack the products' security checks.[2]

Structure of the SSDT

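typedef struct SystemServiceDescriptorTable
{
    PULONG ServiceTableBase;        // array of system service routine entries
    PULONG ServiceCounterTableBase; // per-service call counters (checked builds only)
    ULONG NumberOfServices;         // number of entries in ServiceTableBase
    PUCHAR ParamTableBase;          // per-service argument size, in bytes
} SSDT, *PSSDT;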
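
An added example, not part of the original article: a user-mode C model of a common integrity check on this table, which flags ServiceTableBase entries that point outside the kernel image. It assumes 32-bit Windows, where each entry is an absolute address; SSDT_MODEL, the function names and every address below are constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* User-mode model of the descriptor above (assumption: 32-bit layout).
 * Fixed-width types stand in for PULONG/ULONG/PUCHAR. */
typedef struct {
    const uint32_t *ServiceTableBase;
    const uint32_t *ServiceCounterTableBase;
    uint32_t        NumberOfServices;
    const uint8_t  *ParamTableBase;
} SSDT_MODEL;

/* 1 if addr lies in [base, base+size). Subtracting avoids base+size wrap. */
int entry_in_image(uint32_t addr, uint32_t base, uint32_t size)
{
    return addr >= base && (addr - base) < size;
}

/* Stores indices of out-of-image entries in out (up to cap); returns total. */
size_t find_out_of_image(const SSDT_MODEL *t, uint32_t base, uint32_t size,
                         uint32_t *out, size_t cap)
{
    size_t hits = 0;
    if (t == NULL || t->ServiceTableBase == NULL)
        return 0;
    for (uint32_t i = 0; i < t->NumberOfServices; i++) {
        if (entry_in_image(t->ServiceTableBase[i], base, size))
            continue;
        if (out != NULL && hits < cap)
            out[hits] = i;
        hits++;
    }
    return hits;
}

/* Constructed sample: hypothetical kernel image at 0x80400000, 2 MiB long. */
#define SAMPLE_BASE 0x80400000u
#define SAMPLE_SIZE 0x00200000u
static const uint32_t sample_entries[] = {
    0x80401000u, 0x8045A2C0u, 0xF7A31000u, 0x805FFFFCu, 0x80600000u };
static const SSDT_MODEL sample_table = { sample_entries, NULL, 5, NULL };

int main(void)
{
    uint32_t idx[5];
    size_t n = find_out_of_image(&sample_table, SAMPLE_BASE, SAMPLE_SIZE, idx, 5);
    for (size_t i = 0; i < n; i++)
        printf("service %u -> 0x%08X\n", (unsigned)idx[i], (unsigned)sample_entries[idx[i]]);
    return 0;
}
```

An out-of-image entry shows only that a service is hooked; as noted above, antivirus software installs such hooks as well as rootkits.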

References

  1. ^ "Windows rootkits of 2005, part one". Symantec. 2005.
  2. ^ a b "Attack defeats 'most' antivirus software". ZD Net UK. 2010.